VARIoT IoT vulnerabilities database

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function. TOTOLINK of a6000r Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK A6000R is an excellent wireless router that uses advanced technology and design to provide users with an excellent network experience. A remote attacker can use this vulnerability to submit a special request and execute arbitrary commands in the application context

Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. Shenzhen Tenda Technology Co.,Ltd. of AC9 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC9 has a command injection vulnerability, which is caused by the discovery of a command injection vulnerability in /goform/SetSambaCfg. Attackers can exploit this vulnerability to remotely execute arbitrary code

Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution. Shenzhen Tenda Technology Co.,Ltd. of AC9 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Attackers can exploit this vulnerability to remotely execute arbitrary code

TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user. TP-LINK TL-WR940N is a wireless router from TP-LINK of China. TP-LINK TL-WR940N has a buffer overflow vulnerability, which is caused by the boundary error of dnsserver1 and dnsserver2 parameters in /userRpm/Wan6to4TunnelCfgRpm.htm when processing untrusted input

A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Shenzhen Tenda Technology Co.,Ltd. of AC6 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC6 has a buffer overflow vulnerability, which is caused by a boundary error in the parameter src when processing untrusted input. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

ZTE Corporation is a leading global provider of integrated communications solutions. ZTE Corporation's ZSRV2 intelligent integrated multi-service router has a weak password vulnerability that can be exploited by attackers to obtain sensitive information.

Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by inserting malicious data into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. Cisco Systems Cisco Crosswork Network Controller Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. When the malicious data is viewed, sensitive information can be obtained or user sessions can be hijacked

Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image. MSM8996AU firmware, qam8255p firmware, QAM8295P Multiple Qualcomm products, including firmware, contain an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. AR8035 firmware, c-v2x 9150 firmware, CSRB31024 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Information may be obtained

In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01399339; Issue ID: MSV-1928. media tech's nr16 and NR17 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018. LR12A , LR13 , NR15 Multiple MediaTek products contain vulnerabilities related to the deserialization of untrusted data.Service operation interruption (DoS) It may be in a state

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-816 There are unspecified vulnerabilities in the firmware.Information may be tampered with. D-Link DIR-816 A2 is a wireless router from D-Link of China. Attackers can exploit this vulnerability to set the device's NetSniper

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-816 There are unspecified vulnerabilities in the firmware.Information may be tampered with. D-Link DIR-816 A2 is a wireless router from D-Link of China. Attackers can exploit this vulnerability to set the local access control list of the device

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-816 There are unspecified vulnerabilities in the firmware.Information may be tampered with. D-Link DIR-816 A2 is a wireless router from D-Link of China. Attackers can exploit this vulnerability to set the QoS settings of the device

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-816 There are unspecified vulnerabilities in the firmware.Information may be tampered with. D-Link DIR-816 A2 is a wireless router from D-Link of China. Attackers can use this vulnerability to set up the dhcp service of the device

A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-816 There are unspecified vulnerabilities in the firmware.Information may be tampered with. D-Link DIR-816 A2 is a wireless router from D-Link of China. Attackers can use this vulnerability to set the device's 2.4G and 5G advanced settings

A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-816 There are unspecified vulnerabilities in the firmware.Information may be tampered with. D-Link DIR-816 is a wireless router from D-Link of China. Attackers can use this vulnerability to set up virtual services on the device

A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-816 There are unspecified vulnerabilities in the firmware.Information may be tampered with. D-Link DIR-816 A2 is a wireless router from Taiwan's D-Link. Attackers can exploit this vulnerability to access and operate the DDNS service of the affected router, tamper with the DDNS settings, and obtain sensitive information

A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. D-Link Systems, Inc. of DIR-823G The firmware contains vulnerabilities related to improper permission settings and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-823G is a wireless router that provides network connectivity and management capabilities for home and small offices. An attacker can exploit this vulnerability to cause unauthorized access control

Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605) This vulnerability has been assigned a (CVE)ID:CVE-2023-7266. Huawei of TC7001-10 firmware, WS7200-10 firmware, WS7206-10 There are unspecified vulnerabilities in the firmware.Information is obtained and service operation is interrupted (DoS) It may be in a state